PRIOn knowledge basePRION:CVE-2013-2071Cross site request forgery (csrf)
6.3 Medium
AI Score
Confidence
Low
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
57.8%
java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
References
archives.neohapsis.com/archives/bugtraq/2013-05/0040.html
lists.opensuse.org/opensuse-updates/2013-08/msg00013.html
svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/core/AsyncContextImpl.java?r1=1471372&r2=1471371&pathrev=1471372
svn.apache.org/viewvc?view=revision&revision=1471372
tomcat.apache.org/security-7.html
www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
www.securityfocus.com/bid/59798
www.securityfocus.com/bid/64758
www.ubuntu.com/usn/USN-1841-1
issues.apache.org/bugzilla/show_bug.cgi?id=54178
lists.fedoraproject.org/pipermail/package-announce/2013-May/105855.html
lists.fedoraproject.org/pipermail/package-announce/2013-May/105886.html
lists.fedoraproject.org/pipermail/package-announce/2013-May/106342.html
marc.info/?l=bugtraq&m=139344248911289&w=2
Related
6.3 Medium
AI Score
Confidence
Low
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
57.8%